Methods and systems for biometric verification

ABSTRACT

Pursuant to some embodiments, methods, systems, apparatus, computer program code and means for verifying a cardholder during a transaction involving a transaction device and a terminal are provided. Pursuant to some embodiments, the invention includes transmitting biometric rule information from a transaction device to a terminal, the biometric rule information defining a biometric sample to be acquired at the terminal, receiving, from the terminal, a detected biometric sample. The detected biometric sample is compared to a biometric reference template stored in the transaction device, and the cardholder is verified if the detected biometric sample matches the biometric reference template.

The use of biometric techniques to authenticate payment transactions andverify the identity of payment device holders is increasing. Biometrictechniques that are promoted for this use include voice, fingerprint,iris, vein pattern and other scans. Currently, the type of biometric tobe captured for a given transaction is determined by the biometricterminal in use at a transaction location. Further, the transactionterminal also controls what steps are to be taken in the event of anauthentication failure. Payment device issuers have little (if any)control over the authentication process to be used.

It would be desirable to allow payment (or other information carrying)device issuers to have greater control over the biometric authenticationprocess. It would further be desirable to allow issuers to control thetype and level of biometric authentication required for transactions,and how verification failures are to be handled.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram depicting a system configured pursuant to someembodiments.

FIG. 2 is a block diagram depicting a transaction device configuredpursuant to some embodiments.

FIG. 3 is a block diagram depicting a transaction system configuredpursuant to some embodiments.

FIG. 4 is a flow diagram depicting a verification process pursuant tosome embodiments.

DESCRIPTION

Embodiments of the present invention relate to systems, methods,processes, computer program code, and means for biometric verification.Pursuant to some embodiments, a biometric verification rules table isstored on a transaction device (such as a payment card or otherinformation device having an integrated circuit chip and memory). Thebiometric verification rules table is created by an issuer of the device(or an agent of the issuer) and is stored on the transaction device in apersonalization process or by updating a memory of the transactiondevice. The biometric verification rules table specifies the level (andtype) of biometric authentication required by transactions involving thetransaction device. Pursuant to some embodiments, biometricauthentication may be controlled and carried out in off-linetransactions (e.g., without need for a terminal which is in remotecommunication with the issuer).

In some embodiments, a reader is operated to verify the identity of acardholder during a transaction, including receiving a biometricinformation template from the transaction device, prompting thecardholder to present a required biometric feature for reading by thereader, the required biometric feature determined based on informationin the biometric information template, reading the required biometricfeature to create a sample set of biometric data, transmitting thesample set of biometric data to the transaction device, and receiving aresponse from the transaction device, the response including at leastone of a success code, a further biometric information template, and afailure code.

Embodiments of the present invention allow an issuer of a transactiondevice to specify the level of biometric authentication required, aswell as to define alternative biometric and other authentication stepsin the event of authentication failure. Further, pursuant to someembodiments, issuers may enforce multiple biometric verificationrequirements as part of a single transaction. The result is a systemwhich puts control of the authentication process in the hand of theissuer and which ensures that biometric authentication may be used inlocations (and for transactions) where the communications infrastructureis unreliable or unavailable.

A number of terms are used herein to describe features of someembodiments of the present invention. For example, as used herein, theterm “transaction device” is used to refer to a portable device whichincludes one or more integrated circuit (“IC”) chips and which storesinformation (such as payment information, personal information, or thelike) that may be used in conjunction with transactions (such as paymenttransactions). Pursuant to some embodiments, a “transaction device” maybe a contact or a contactless device capable of communication with areader device using wireless communication techniques. For example, atransaction device may be an information-carrying device that iscompliant with one or more of: ISO/IEC 14443 Standard, ISO/IEC 18000standard, the NFC standards including ISO/IEC 18092/ECMA 340 and ISO/IEC21481/ECMA 352, and other standards such as the EMV standards (availableat www.emvco.com) and the “PayPass” standards promulgated by MasterCardInternational Incorporated.

For illustration, and to describe features of some embodiments, aparticular transaction device will be used as an example herein—apayment device compliant with the ISO/IEC 14443 Standard, the EMVstandards, and the “PayPass” standards (e.g., a contactless payment cardwill be used as an illustrative example of a particular “transactiondevice” throughout this disclosure). Those skilled in the art willappreciate, upon reading the present disclosure, that similar techniquesmay be used for other transaction devices.

As used herein, the term “issuer” is used to refer to an entity (or anagent of the entity) that “issues” or distributes transaction devicesconfigured pursuant to embodiments of the present invention. Forexample, in the context of a transaction device used for paymenttransactions, the issuer may be the financial institution that holds apayment account associated with the transaction device and that holds anaccount relationship with the customer (referred to herein as a“cardholder”) the transaction device was issued to. In general,“issuers” are concerned with ensuring that the identities of cardholdersare properly verified during transactions involving their transactioncards. Embodiments of the present invention allow issuers to control thebiometric techniques used to verify cardholders during transactionsinvolving devices issued by the issuer.

As used herein, the term “biometric” or “biometrics” is used to refer toscans or digital representations (or “samples”) of physical featuresassociated with a cardholder that are to be verified during atransaction. The physical features can include voice, fingerprint, iris,vein pattern or the like. As used herein, feature data from a biometricsample may be extracted to select features of interest. Extractedbiometric feature data is referred to herein as a “template”.

As used herein, the term “cardholder verification method” (or “CVM”) isused to refer to a selected method to verify a cardholder during atransaction involving a transaction device configured pursuant toembodiments of the present invention. A CVM may be, for example, abiometric verification, password verification, or the like.

Features of embodiments of the present invention will now be describedby first referring to FIG. 1, which is a block diagram depicting asystem 100 configured pursuant to some embodiments.

As shown in FIG. 1 a system 100 includes a transaction device 102 incommunication with a terminal 104. The terminal 104 includes a biometricreader 106. The transaction device 102 may be any of a number ofdifferent types of portable devices having one or more IC chips whichare configured to support biometric verification pursuant to the presentinvention. For the purpose of illustrating features of the presentinvention, the transaction device 102 will be described as a contactlesspayment card which is configured to operate in accordance with the EMVspecifications as well as the PayPass specifications introduced above.The terminal 104 is, for example, a point of sale terminal configured tooperate in accordance with the EMV specifications and may include acontactless reader configured to interact with transaction device 102.Pursuant to some embodiments, the terminal 104 need not be in constantcommunication with a remote processing center; instead, pursuant to someembodiments, the terminal 104 may interact with the transaction device102 in an “off line” manner as will be described herein. Those skilledin the art will appreciate that terminals which are in communicationwith a remote processing center during all (or part of) a transaction(e.g., are “online” transactions) may also be used pursuant to thepresent invention.

According to some embodiments, a cardholder may present the transactiondevice 102 to the terminal 104 to conduct a transaction (such as apayment transaction). In many situations, an issuer of the transactiondevice 102 may wish to enforce one or more cardholder verification rulesto ensure that the person presenting the transaction device 102 in thetransaction is an authorized holder of the transaction device. Inprevious systems, cardholder verification was performed using personalidentification numbers (or “PINs”) or other methods. It is desirable, insome situations, to require that a biometric feature of the cardholderbe verified to prior to conducting certain transactions. Embodiments ofthe present invention allow biometric verification to be performed in amanner specified by an issuer of the transaction device 102.

While further details regarding the biometric verification will beprovided below, a brief overview will illustrate certain features of thepresent invention. In a typical transaction pursuant to the presentinvention, a person presents transaction device 102 at terminal 104 toconduct a transaction. The terminal 104 and the transaction device 102interact with an initial communications handshake in which thetransaction device 102 and the terminal 104 establish a communicationssession. The exact nature of the communications handshake may varydepending on the communications standard used (e.g., the communicationshandshake may follow the communications protocol established by the EMVspecifications, for example).

Once communication has been established, and the terminal 104 andtransaction device 102 identify each other as supporting biometricverification processing, the terminal 104 requests a biometricinformation template (or “BIT”) from the transaction device 102. Thetransaction device 102 returns a BIT, and the terminal 104 uses thedetails in the BIT to prompt the cardholder to present a requiredbiometric feature to the biometric reader 106 for reading (e.g., if theBIT specifies that the cardholder's fingerprint from their right indexfinger be obtained, the terminal 104 prompts the cardholder to presenthis or her right index finger to a the biometric reader 106 forscanning). The terminal 104 obtains and processes the sample to create atemplate (as will be described further below) and returns the sample tothe transaction device 102. The transaction device 102 compares thereceived sample with a stored template. If the biometric sample matchesthe stored template, a success message may be returned to the terminalindicating that the cardholder has been successfully verified. Thetransaction may then be completed as normal (e.g., a payment transactionmay be completed, following the normal authorization rules of thepayment system).

Pursuant to some embodiments, as will be described further below, theverification may require the capture of additional biometric informationas defined by the issuer of the transaction device 102. Pursuant toembodiments of the present invention, issuers are able to specify theverification sequence by storing verification rules in the transactiondevice 102. The transaction device 102 follows the rules and isresponsible for issuing a verification success or failure message uponcompletion of those rules. The result is a system and method that allowsissuers to control the cardholder verification process even insituations where the transaction device 102 is used in off-lineenvironments (e.g., where the terminal 104 is not in communication withthe issuer or other processing center). Unlike previous biometricverification systems, the verification process and success/failurecriteria is controlled by rules in the transaction device 102, not byrules and criteria stored in the terminal device 104 or remoteprocessing centers.

Reference is now made to FIG. 2 which is a block diagram depicting atransaction device 200 (such as the transaction device 102 of FIG. 1)configured pursuant to some embodiments. In some embodiments,transaction device 200 may be formed as a card-shaped device (e.g., suchas a credit card size device compliant with ISO Standard 7816). Thedevice may be formed in other shapes as well. For example, the devicemay be shaped as a small format card and inserted in a mobile telephoneor other device.

Pursuant to some embodiments, the transaction device 200 has one or moreIC chips 202 embedded therein. The IC chip 202 includes a processorportion 208, an I/O portion 206, and one or more memory portions 210.The I/O portion 206 may include a plurality of electrical contacts (inthe case where the transaction device 200 communicates with terminalsvia contacts) and/or one or more antennas (in the case where thetransaction device 200 communicates with terminals via radio frequencycommunication). In some embodiments, a transaction device 200 may haveboth contactless and contact communication capabilities and may includeboth a plurality of contacts and one or more antennas. Those skilled inthe art will recognize that IC chip 202 may include other components(not shown) such as control logic, timers or the like as is known in theart.

The memory portion 210 may include different forms or types of memory,including, for example, read-only memory, non-volatile memory andprogrammable memory as is known in the art. As shown, the memory portion210 stores a number of data items for use in performing biometricverification pursuant to some embodiments. Those skilled in the art willappreciate that the memory portion 210 may store additional dataelements and applications (not shown) to enable the transaction device200 to interact with terminal devices and to perform transactions.

As shown, the memory portion 210 stores application data 212, one ormore biometric rules tables 214, one or more biometric referencetemplates (“BRTs”) 216, and one or more biometric information templates(“BITs”) 218. The application data 212 includes program instructionsthat, when executed by the processor 208, cause the processor to executea biometric verification process pursuant to embodiments of the presentinvention.

The biometric rules tables 214 stores data (e.g., loaded into the memoryby an issuer of the transaction device 200) used to control thebiometric verification of the cardholders For example, the biometricrules table 214 may include the following data: a field containing oneor more biometric rule numbers (uniquely identifying each biometric ruleassociated with the transaction device and the cardholder), a fieldcontaining one or more BIT reference numbers (each referring to aparticular biometric information template stored in the memory), a fieldcontaining data identifying an action (or actions) to be taken shouldthe biometric verification be successful (e.g., the data may specifyeither that an additional biometric rule number be processed, or thatthe cardholder is successfully verified), a field containing dataidentifying an action (or actions) to be taken should the biometricverification fail (e.g., the data may specify that another rule beprocessed or that the verification transaction be failed), and a fieldcontaining data identifying a number of retries that may be attemptedshould the verification fail.

Each of these data elements are used in conjunction with the application212 to perform biometric verification processing pursuant to embodimentsof the present invention. Examples of verification rules will beprovided further below in conjunction with a description of FIG. 4. Ingeneral, the biometric verification rules table 210 and related data areused to allow issuers of a transaction device 200 to control theauthentication process during a transaction involving the transactiondevice 200.

For example, use of the biometric verification rules table allows theissuer to control, using rules stored in the transaction device 200, howmany retries to allow for each biometric sample (e.g. the card holdercould be allowed to submit their left index fingerprint up to threetimes within a transaction), what to do in the event of a successfulverification (e.g., the issuer could decide to approve the transaction,or the issuer could decide that more biometric samples are required, forexample, the issuer may decide that the card holder needs tosuccessfully submit their left index fingerprint and their right indexfingerprint before the transaction is approved), and what to do in theevent of a failed verification (e.g., the issuer could deny thetransaction, or the issuer could allow the card holder to submit analternative biometric. For example, the issuer may decide that the cardholder needs to submit either their left middle fingerprint or theirright middle fingerprint.). Pursuant to some embodiments, the issuerdefines the level of biometric authentication required for atransaction. The issuer may also choose to use a combination ofdifferent types of biometrics, for example iris scan and fingerprint.

The transaction card 200 may store a number of different combinationsand types of biometric rules, as will be illustrated below. In oneembodiment, a biometric verification rules table may specify a singlebiometric rule and template (e.g., as shown below in TABLE 1).

TABLE 1 RULE BIT No. SUCCESS FAILURE RETRIES R1 B1 SUCCESS FAILED 4

In some embodiments, the transaction device 200 may store severalbiometric verification rules in the biometric rules table 214. Forexample, as shown in TABLE 2, two biometric information templates 218and rules are provided. As an example, the rules may be constructed suchthat if the first rule is failed (as discussed further below), then thesecond rule must be attempted to successfully verify the cardholders Asa specific example, the first rule could apply a template (B1)representing the cardholder's left index finger fingerprint, while thesecond rule could apply a template (B2) representing the cardholder'sright index finger fingerprint. Successful verification of eithertemplate would result in verification of the cardholder using thisscheme.

TABLE 2 RULE BIT No. SUCCESS FAILURE RETRIES R1 B1 SUCCESS R2 3 R2 B2SUCCESS FAILED 3

In some embodiments, the biometric verification rules table 214 in atransaction device 200 may require that more than one biometric templatebe verified. As an example, as shown in TABLE 3, two biometricinformation templates may be provided, and the rules may specify thatboth templates must be matched for the verification to be successful.

TABLE 3 RULE BIT No. SUCCESS FAILURE RETRIES R1 B1 R2 FAILED 4 R2 B2SUCCESS FAILED 2

In some embodiments, biometric verification rules may be establishedwhich require that more than one, but not all, of the biometricinformation templates be matched for a successful verification. As anexample, shown in TABLE 4, four biometric information templates may beprovided, and the biometric verification rules table 214 may specifythat two out of the four templates must be matched for the verificationto be successful.

TABLE 4 RULE BIT No. SUCCESS FAILURE RETRIES R1 B1 R2 R3 4 R2 B2 SUCCESSR3 4 R3 B3 R4 FAILED 4 R4 B4 SUCCESS FAILED 4

The biometric information templates and biometric reference templatesmay be created using an industry standard format (e.g., such as ISOStandard 19092). The samples taken from the cardholder may be takenprior to, or in conjunction with a personalization process performed bythe issuer (or an agent of the issuer) during issuance of the card. Insome embodiments, the samples may be taken from the cardholder at alater time, and transmitted to, and stored in, a memory of thetransaction device 200.

Reference is now made to FIG. 3, which is a block diagram depicting atransaction system 300 configured pursuant to some embodiments. In atypical transaction environment involving cardholder verificationpursuant to the present invention, a transaction system 300 includes anumber of entities, including a transaction device 302 (e.g., such asthe transaction device 200 described above in conjunction with FIG. 2),a terminal device 304, a processing center 320, and an issuer 330. Thoseskilled in the art will appreciate that a system will include any numberof transaction devices 302, terminal devices 304, and issuers 330. Oneor more processing centers 320 may also be involved.

In embodiments in which features of the present invention are used toperform cardholder verification for payment card transactions, theterminal device 304 may be a point of sale terminal deployed, forexample, at a merchant or sales location, and used to facilitate thesales of goods or services. The terminal device 304 may be incommunication (either intermittently or on a regular basis) with one ormore processing centers 320 to authorize and transmit paymentinformation to issuers 330 to facilitate the clearing and settlement oftransactions. In some embodiments, the processing center 320 is orincludes a payment network (such as the network operated by MasterCardInternational Incorporated). Some or all of the systems or entities maybe in communication over networks such as the Internet, or private orsecure networks.

As shown, the terminal device 304 may include a number of components toallow interaction with a transaction device 302. For example, theterminal device 304 may include a card reader 306 (e.g., such as acontact or contactless reader), a biometric sensor 308 (e.g., such as afingerprint reader, an iris scanner, a signature reader, a handprintscanner, or the like), a program or application 310 (e.g., including,for example, an application to allow communication with transactiondevice 302), a processor 312 and an input/output device 314 (e.g., toallow communication with other devices including, for example, aprocessing center 320). Those skilled in the art will appreciate that awide range of different types of terminal devices 304 may be used. Forexample, a terminal device 304 may be a typical point-of-sale terminal,a terminal embedded or installed in a vending machine, a passport orother information device processing terminal, or the like.

Further detail regarding a verification process pursuant to someembodiments will now be provided by reference to FIG. 4, which is a flowdiagram depicting a verification process 400 pursuant to someembodiments. The verification process 400 may be performed by atransaction device (such as the device 200 of FIG. 2) in interactionwith a terminal device (such as the device 304 of FIG. 3) during atransaction. The process 400 may be performed after initialcommunications between a transaction device and a terminal device havebeen completed (e.g., after an initial handshake process has occurred).

Processing begins at 402 where, for example, an application stored inthe terminal device determines that biometric cardholder verificationprocessing is required. Processing continues at 404 where the terminaldevice reads a biometric information template (“BIT”) from thetransaction device. The selection of the BIT to be provided to theterminal device is, for example, determined by the biometricverification rules stored in the transaction device (e.g., in thebiometric verification rules table, such as table 214 of FIG. 2). Forexample, the transaction card may begin with the first biometricverification rule stored in the card, and cause the BIT associated withthe first biometric verification rule to be transmitted to the terminal.

The BIT specifies the nature of the biometric sample to be collected bythe terminal. Processing continues at 406 where the terminal collectsthe required biometric data. This may be performed, for example, bygenerating a prompt to the cardholder, instructing the cardholder topresent the required biometric feature for reading. If the BIT read at404, for example, requires a left index finger fingerprint, then theterminal may prompt the cardholder to present their left index fingerfingerprint to a fingerprint reader to collect the sample. If theterminal is unable to collect or read the required feature, processingcontinues to 410. If the terminal is able to collect the requiredfeature, processing continues at 408 as the terminal converts thesampled feature into a sample template (e.g., in accordance with astandard format such as the format specified by ISO Standard 19092) andtransmits the sampled data in a sample template to the transaction card.

At 408, the transaction card processes the sample template from theterminal by comparing the biometric reference template associated withthe current BIT to the sample template. Processing continues at 410where the transaction card applies the biometric verification rules inthe biometric verification rules table to the results of 408. If thesample template matches the biometric reference template, then thetransaction card application examines the “success” column of thebiometric verification rules table. If the “success” column indicatesthat another rule must be performed, then the application moves to thenew rule in the table, and the process returns to 404. If the “success”column indicates that the verification should be considered successfulbased on the single BIT verification, then the transaction card returnsa “SUCCESS” message to the terminal and verification is complete.

If the sample template does not match the biometric reference template,then the transaction device application examines the “retries” column ofthe rules table to determine whether the transaction should “FAIL” or ifa retry is available. If a retry is available, the retry counter isdecremented, and processing reverts to step 406, and the same BIT isapplied. If the retry counter has been exhausted, then the transactiondevice will examine the “failed” column of the biometric verificationrules table. If another rule is available and should be followed, thenthe transaction device will retrieve the next rule and it's associatedBIT and processing reverts to step 404. The process continues until afinal “SUCCESS” or “FAIL” is reached.

In the embodiments described above, a fixed mode of operation specifiedby the biometric verification rules table is followed, and all of thematching is determined by an application stored on the transactiondevice 200. In some embodiments, a transaction device may randomlychoose rules from the biometric verification rules table. In suchembodiments, the transaction device 200 may be configured withadditional parameters which define the number of rules which must bepassed for authentication to succeed and the maximum number of failedrules before authentication is considered to be a failure.

In this embodiment, the transaction device randomly selects rules fromthe biometric verification rules table. If verification is successfulthen the transaction device increments a success counter. If the countis equal to the number of successful verifications required then thetransaction device considers the authentication as successful. If moresuccesses are required then the transaction device picks another rule atrandom.

In the case of a failed verification, the transaction device incrementsa failed counter if the number of retries has been exhausted or theverification is skipped. If the failed count is greater than a maximumnumber of failures allowed then the transaction device considers theauthentication as failed. If more failures are allowed then thetransaction device selects another rule at random.

In a further embodiment, transaction devices may be deployed withoutbiometric reference data stored thereon (e.g., the cardholder'sbiometric reference data is not loaded onto the transaction device). Insuch embodiments, the transaction device may only store the biometricverification rules table. The biometric verification rules table may beread by the terminal during transactions and the terminal may use thedata from the table to directly perform the required authentications.

The above descriptions of processes herein should not be considered toimply a fixed order for performing the process steps. Rather, theprocess steps may be performed in any order that is practicable,including simultaneous performance of at least some steps.

Although the present invention has been described in connection withspecific exemplary embodiments, it should be understood that variouschanges, substitutions, and alterations apparent to those skilled in theart can be made to the disclosed embodiments without departing from thespirit and scope of the invention as set forth in the appended claims.

1. A method for operating a reader to verify a cardholder during atransaction, the method comprising: receiving a biometric informationtemplate from said transaction device; prompting the cardholder topresent a required biometric feature for reading by said reader, saidrequired biometric feature determined based on information in saidbiometric information template; returning a response to said biometricinformation template to said transaction device; receiving averification response from said transaction device, said verificationresponse including at least one of a success code, a further biometricinformation template, and a failure code.
 2. The method of claim 1,further comprising reading said required biometric feature to create asample template of biometric data, said response returned to saidtransaction device further comprising said sample template of biometricdata.
 3. The method of claim 1, wherein said response returned to saidtransaction device includes data indicating that no biometric featurewas captured by said reader.
 4. The method of claim 1, wherein saidverification response includes a failure code, the method furthercomprising: prompting said cardholder to represent said requiredbiometric feature for reading by said reader; reading said requiredbiometric feature to create a second sample template of biometric data;transmitting said second sample template of biometric data to saidtransaction device; and receive a second verification response from saidtransaction device, said second response including at least one of asuccess code, a further biometric information template, and a failurecode.
 5. The method of claim 1, wherein said verification responseincludes both a failure code and a request to repeat said reading saidrequired biometric feature to create a second sample template ofbiometric data.
 6. The method of claim 1, wherein said verificationresponse includes a further biometric information template, the methodfurther comprising: prompting the cardholder to present an additionalrequired biometric feature for reading by said reader, said additionalrequired biometric feature determined based on information in saidfurther biometric information template; reading said additional requiredbiometric feature to create a sample template of additional biometricdata; transmitting said sample template of additional biometric data tosaid transaction device; and receiving a further verification responsefrom said transaction device, said further verification responseincluding at least one of a success code, a further biometricinformation template, and a failure code.
 7. The method of claim 1,wherein said biometric information template is selected based on acurrently active rule in said transaction device.
 8. The method of claim1, wherein said biometric information template includes informationspecifying a particular biometric feature to be sampled.
 9. The methodof claim 8, wherein said particular biometric feature to be sampledincludes at least one of: a finger image, a finger pattern, an irisimage, a signature image, a vascular image, and a hand image.
 10. Themethod of claim 8, wherein said biometric information template furthercomprises information specifying an algorithm to be used to create saidsample template of biometric data.
 11. A method for verifying acardholder during a transaction involving a transaction device and aterminal, comprising: transmitting biometric rule information from thetransaction device to the terminal, the biometric rule informationdefining a biometric sample to be acquired at said terminal; receiving,from said terminal, a detected biometric sample; comparing said detectedbiometric sample to a biometric reference template, and verifying saidcardholder if said detected biometric sample matches said biometricreference template.
 12. A transaction device, comprising: a processor;an input/output device coupled to said processor; a memory unit incommunication with said processor and storing at least a first biometricverification rule, at least a first biometric information template and aprogram, wherein the processor is operative with said program to:receive a transaction request from a terminal device; determine acurrent biometric verification rule, and based on said current biometricverification rule transmit said at least first biometric informationtemplate to said terminal device; receive a biometric sample templatefrom said terminal device; compare said biometric sample template with astored biometric sample; and determine a verification status based onsaid comparison.
 13. The transaction device of claim 12, wherein saidtransaction device is a payment card.
 14. The transaction device ofclaim 12, wherein said input/output device communicates with saidterminal device, said input/output device including at least one of aplurality of electrical contacts and an antenna, said input/outputdevice communicating with said terminal device.
 15. The transactiondevice of claim 12, wherein the processor is further operative with saidprogram to: transmit said verification status to said terminal device.16. The transaction device of claim 12, wherein said verification statusis at least one of a success code, a further biometric informationtemplate, and a failure code.
 17. The transaction device of claim 12,wherein said at least first biometric template includes informationspecifying a particular biometric feature to be sampled.
 18. Thetransaction device of claim 17, wherein said particular biometricfeature to be sampled is at least one of: a fingerprint, a fingerpattern, an iris, a signature, a vascular image, and a handprint.
 19. Acomputer-readable medium storing processor-executable process stepsthat, when executed by a processor, perform a method, wherein the methodcomprises: transmitting biometric rule information from the transactiondevice to the terminal, the biometric rule information defining abiometric sample to be acquired at said terminal; receiving, from saidterminal, a detected biometric sample; comparing said detected biometricsample to a biometric reference template stored in said transactiondevice; and verifying said cardholder if said detected biometric samplematches said biometric reference template.